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Amendments to the Claims ; 

This listing of claims will replace all prior versions, and listings, of claims in the 

application. 

LISTING OF CLAIMS: 

1. (Currently amended) A apparatus for detecting adversarial activity on a network, 

comprising: 

a memory adapted to store a host table; 

a key exchanger adapted to derive a cipher key 

a translator adapted to translate predetermined portions of packet header 
information of a data packet according to a cipher algorithm keyed by the cipher key, wherein 
the predetermined portions include an address; 

a mapping device adapted to map the address to the host table; 

a host resolution device adapted to issue a request to dotormino addropa e o of 
doviooo on the network tn resolve the address when the address does not match an entry in the 
host table and to supplement the host table with any additional addrc aaea the address upon 
receipt of a renlv to the request that indicates th a t the address is valid, whoroin oaid mapping 
dovioo ia furthor adapted to again map tho addroao to host table following oupplomontatibn ; and 

an actuator adapted to trigger a security device when the address does not match 
an entry in the host table, 

2. (Original) An apparatus as set forth in Claim 1, wherein the security device is a 
logging device adapted to log the data packet. 

3. (Original) An apparatus as set forth in Claim 1, wherein the security device is 
adapted to signal an alarm when triggered. 
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4. (Currently amended) . An apparatus as set forth in Claim 1, wherein said host 
resolution device is adapted to dotormino tho addroaooo of tho d o vicoa on Iho notwor V derive the 
host table using an address resolution protocol 

5. (Original) An apparatus as set forth in Claim 1, further comprising: 

a network device adapted to place the data packet onto a network when the 
address maps to the host table. 

6. (Currently amended) A method for detecting adversarial activity on a network, 
comprising: 

storing a host table; 
deriving a cipher key; 

translating predetermined portions of packet header information of a data packet 
according to a cipher algorithm keyed by the cipher key, wherein the predetermined portions 

include an address; 

mapping the address to the host table; 

determining addrooacs of devic e s on issuin g a request to the network to resolve 
the address when the address does not match an entry in the host table and supplementing the 
host table with the address upon receipt of a r eply to the request that indicates that the address is 
valid any additional addroaooo prior to repeating the mapping of tho addrosa to tho hoot table ; and 

triggering a security device when the address does not match an entry in the host 



table. 



table. 



7. (Original) A method as set forth in Claim 6, further comprising: 

logging the data packet when the address does not match an entry in the host 



(Original) A method as set forth in Claim 6, further comprising: 
signaling an alarm when the security device is triggered. 



PACE 4/14 * RCVD AT 1/13/2006 3:06:12 PM [Eastern Standard Time] * 6VR:USPTO-EFXRF-6/32 * DNIS:2738300 * C SID: 9727 183946 * DURATION (mm-ss): 06-30 



01/13/06 FRI 15:06 F AX 9727183946 



VERIZON IP 



US PA TENT -AMEND @J005 



AppLNo.: 09/928,133 

Amdt. dated 12/27/2005 

Reply to Office action of October 14, 2005 

Page 4 

9. (Currently amended) A method as set forth in Claim 6, further comprising: 
rf^ivin p the host table d otomi ininfi addrooooo of doviooo on tho notwoik oomp r iocD determining 
addrooooo of d o viooo on the network , using an address resolution protocol. 

10. (Original) A method as set forth in Claim 6, further comprising: 

placing the data packet onto a network when the address maps to the host table. 

1 1 . (Currently amended) A device for detecting adversarial activity on a network, 
comprising: 

means for storing a host table; 
means for deriving a cipher key; 

means for translating predetermined portions of packet header information of a 
data packet according to a cipher algorithm keyed by the cipher key, wherein the predetermined 
portions include an address; 

means for mapping the address to the host table; 

means for dotormining oddr o osoo of dovio e o on issuing a request to the network to 
resolve the address when the address does not match an entry in the host table and supplementing 
the host table with the address upon receipt of a reply to the request that indicates that the 
address is valid any additional addrooooo, whorein paid moans for mapping io further adapted to 
again map tho addrooo to tho host table following ito suppl e mentation ; and 

means for triggering a security device when the address does not match an entry 

in the host table. 

12. (Original) A device as set forth in Claim 11, further comprising: 

means for logging the data packet when the address does not match an entry in the 

host table. 

13. (Original) A device as set forth in Claim 1 1 , further comprising: 
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means 



for signaling an alarm when the security device is triggered. 



means: 



14. (Currently amended) A device as set forth in Claim 1 1 , further comprising: 
far Having the host table wh uio in paid moanc for dot oi mining addr o ^oo of doviooa nn the 

network io furtho i o u p ablo of dot oi mming addrooooo of dovicoo on the network using an address 
resolution protocol. 

1 5. (Original) A device as set forth in Claim 11, further comprising: 

means for placing the data packet onto a network when the address maps to the 

host table. 

16. (Currently amended) A bastion host adapted for processing packet header 
information of a data packet, the bastion host being operable to: 

store a host table; 
derive a cipher key; 

translate predetermined portions of packet header information of a data packet 
according to a cipher algorithm keyed by the cipher key, wherein the predetermined portions 
include an address; 

map the address to the host table; 

dotormino addropooo of doviooo on issuing a request to the network to resolve the 
address when the address does not match an entry in the host table and supplement the host table 
with ih* address u pon receipt of a reply to th e request that indicates that the address is valid any 
additional addrooooo prior to ropoating tho mapping of tho addrooo to tho hoat tabl e; and 

trigger a security device when the address does not match an entry in the host 

table. 

17. (Original) The bastion host as set forth in Claim 1 6, the bastion host being further 
operable to log the data packet when the address does not match an entry in the host table. 
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1 8. (Original) The bastion host as set forth in Claim 1 6, the bastion host being further 
operable to signal an alarm when the security device is triggered. 

19. (Currently amended) The bastion host as set forth in Claim 16, the bastion host 
being further operable to dctormino tho addrooooo of dovkoo on tho network derive the host table 
using an address resolution protocol. 

20. (Original) The bastion host as set forth in Claim 1 6, the bastion host being further 
operable to place the data packet onto a network when the address maps to the host table. 

21 . (Previously presented) An apparatus as set forth in Claim 1, wherein said key 
exchanger is further adapted to repeatedly derive a cipher key with the cipher key derived by said 
key exchanger changing over time. 

22. (Previously presented) A method as set forth in Claim 6, wherein deriving the 
cipher key comprises repeatedly deriving a cipher key such that the resulting cipher key changes 
over time. 

23. (Previously presented) A device as set forth in Claim 11, wherein said means for 
deriving a cipher key is further adapted to repeatedly derive a cipher key such that the resulting 
cipher key changes over time. 

24. (Previously presented) A bastion host as set forth in Claim 16, the bastion host 
being further operable to repeatedly derive a cipher key such that the resulting cipher key 
changes over time. 
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